/
CHANGELOG.txt
3153 lines (2554 loc) · 145 KB
/
CHANGELOG.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
### Stable BOA-2.1.3 Release - Full Edition
### Date: Thu Nov 21 17:55:47 SGT 2013
### Includes Aegir 2.x-boa-custom version.
# Release Notes:
This release provides Drupal 7.24.1 and Pressflow 6.29.1 core security upgrade
for all supported distributions. It also includes two updated platforms and
several fixes for issues discovered since BOA-2.1.2 released 3 days ago, plus
some clever improvements to help you automatically optimize all tables daily,
or even automatically convert tables to-innodb or to-myisam, either per site
or per platform, or per entire Octopus instance. There is also Purge Cruft
Machine available to run some spring-cleaning daily with configurable TTL.
Enjoy another super-fast and even more clever BOA Edition!
# Updated Octopus platforms:
### Drupal 7.24.1
Open Atrium 2.0.9 ------------ http://drupal.org/project/openatrium
OpenScholar 3.9.3 ------------ http://openscholar.harvard.edu
# New features and enhancements in this release:
* Purge Cruft Machine moved to daily.sh agent and made configurable
with _DEL_OLD_BACKUPS and _DEL_OLD_TMP per Octopus instance.
If changed to any number greater than "0" it will automatically delete
backups stored in the /data/disk/U/backups/ directory and in all hosted
sites backup_migrate directories, during daily cleanup, if created more
than X days ago, where X is a number of days defined in _DEL_OLD_BACKUPS.
If "0" then this feature is disabled. It can't be configured via INI files,
so you may need to submit support request if you want to customize this
option set to 7 days by default on all hosted instances, as per our
backups policy: https://omega8.cc/backups
The same logic applies to _DEL_OLD_TMP which defines for how long the
temporary files in all hosted sites files/tmp/ and private/temp/ directories
are kept before deleting them during running daily maintenance.
* Added sql_conversion_mode variable in the platform and site level INI
to customize instance-wide mode optionally set via _SQL_CONVERT.
This option allows to activate and/or customize DB tables conversion
per site, per platform and via _SQL_CONVERT per Octopus instance.
Supported values are: innodb and myisam (lowercase only!)
Note that this conversion will run daily even if all tables have been
already converted, so it will run OPTIMIZE on all tables, effectively.
Related Issue #2126471 - Convert DB engine control files to ini format.
# Changes in this release:
* Allow to install unsupported distros only in head, not stable.
* Contrib update: advagg-7.x-2.3
* Map drush to drush6 on command line. You can still use drush4 and drush5.
* New contrib: display_cache
* New contrib: panels_content_cache
* Nginx 1.5.7 -- security upgrade.
* Use dev versions of CDN module with patch for AdvAgg 7 compatibility.
* Use Drush 5 and 6 head until next release.
# Fixes in this release:
* Always cleanup temp downloads to avoid failed builds due to leftovers.
* Always fix permissions on contrib on upgrade and in daily.sh agent.
* Better auto-recovery when broken libcurl is detected.
* Delete any tar/gz/zip files in modules|themes|libraries daily.
* Delete dangerous local-allow.info file.
* Display all active INI variables in HTTP headers on dev URLs.
* Fix for cron auto-correction.
* Fix for Feature Server broken due to incorrect context version downloaded.
* Fix the logic for cURL install from sources.
* Nginx: Add Access-Control-Allow-Origin header also for static .json
* Nginx: Protect also .md files in modules|themes|libraries dirs.
* Issue #2137583 - Permissions on the site directory are broken after running,
how ironically, the Health Check task.
* Issue #2138811 - Maintenance agent disables modules from its standard
turn-off list, even if they are required by other modules, apps or features.
# Known Issues on systems upgraded to initial BOA-2.1.3 release
==> Updated on Thu Nov 28 18:33:58 SGT 2013.
@=> Issues which will trigger `barracuda up-stable system` if discovered:
* PHP: Fix for broken cURL from sources install logic.
* PHP: Fix for forced rebuild mode if lib curl is broken or updated.
* PHP: Fix for legacy 5.2 rebuild required when broken libcurl is detected.
* Use dummy variable instead of 'true' to avoid breaking the logic.
@=> Issues which will NOT trigger `barracuda up-stable system` if discovered:
* Add coder to the auto-disabled modules list -- see #2068771
* Excessive and useless Drush internal cache clear in daily.sh
* Issue #2141283 - Drush aliases like `drush dbup` no longer work properly.
* Issue #8215957 - Invalid version type error in old Drush Make.
* MariaDB 5.5.34 just released.
* Redis: Incorrect permissions on the integration module directory.
* Modules can be incorrectly whitelisted by installation profile and
never disabled, while they should be.
# HotFix for known post-upgrade issues
Run the boa-fix-upgrade script when logged in as system root:
$ cd;rm -f boa-fix-upgrade.sh.txt*
$ wget -q -U iCab http://files.aegir.cc/update/boa-fix-upgrade.sh.txt
$ bash boa-fix-upgrade.sh.txt
This script is updated once there is any new regression or bug discovered,
so it is safe and recommended to run it again if the list of known issues
have been updated. Note that this script will detect and fix all Octopus
instances on your system at once.
### Stable BOA-2.1.2 Release - Full Edition
### Date: Mon Nov 18 00:03:30 SGT 2013
### Includes Aegir 2.x-boa-custom version.
# Release Notes:
This is primarily a bug-fix release and you should read release notes and
also the changelog for both BOA-2.1.1 and BOA-2.1.0 for a context, especially
if you are upgrading from BOA-2.0.9 or older release (we have tested upgrades
from as old Editions as BOA-2.0.1, released on Dec 28 07:00:00 EST 2011).
This Edition includes fixes for all Known Issues on systems already upgraded
to initial BOA-2.1.1 release, plus some extra improvements and one updated
platform (Managing News).
Important new features include ability to use either legacy (default) or
modern (highly recommended) version of Redis integration module.
The reason we don't enable the modern version by default is that it may need
some testing before using it on a complex Drupal sites. The modern version
of Redis integration module comes with some great new features which allow
you to configure flush mode per cache bin, with three modes available.
Please refer to the module README for more information on all available
advanced flush modes: http://bit.ly/1drmi35
It also comes with super-fast lock backend, which can be enabled only when
you are using the modern version, but still needs more improvements, so we
auto-configure some exceptions on the fly, when it is used, to avoid known
issues, as reported in the queue: https://drupal.org/node/2135545
Please read also INI docs to understand how it works, and how to improve
performance by enabling and tuning these settings: http://bit.ly/1bwfZZj
Enjoy!
# Updated Octopus platforms:
### Pressflow 6.28.3
Managing News 1.2.4 ---------- http://drupal.org/project/managingnews
# New features and enhancements in this release:
* Redis: Modern integration module 7.x-2.5 with latest fixes from #2135545
is available as an option with new INI variable: redis_use_modern
* Redis: New option redis_flush_forced_mode to better control flush modes
when redis_use_modern = TRUE
* Add example for custom Speed Booster cache TTL configuration in the optional
override.global.inc file. It can be used also in local.settings.php file.
* Add detection and auto-config for the allow_private_file_downloads variable.
* Issue #1978066 - Add _RESERVED_RAM variable for "reserved" memory.
* Map all old_short_name profiles relations in the Aegir Provision directly.
# Updated Aegir modules or extensions:
* Newer aegir_custom_settings 6.x-2.3 with site clone added for client role.
* Newer registry_rebuild 7.x-2.1 with fixed critical bug - see: #2130905
# Changes in this release:
* Auto-Disable views_cache_bully also when Ubercart is enabled.
* Do not delete testing profile, we need it for acquia->testing upgrade path.
* Do not map old_short_name on the Octopus level, it is moved to Provision.
* Make ACTIVE INI files comments-free to never confuse them with templates.
* Make the fix for known Feeds problem global, not just ManagingNews specific.
* PHP: 5.4.22 and 5.5.6 as an option (for testing only).
* PHP: Use latest (master) phpredis_new by default.
* Redis: Default integration module version reverted to pre-7.x-2.0 release.
* Redis: Force rebuild on system upgrade to update also Redis config.
* Redis: Make redis_lock_enable available only when redis_use_modern = TRUE
* Set opcache.revalidate_freq to 5 sec only on non-dev URLs by default.
* Switch Ubercart 3 to use D7 Minimal instead if Standard to fix upgrade path.
* Update prev release notes to explain importance of using latest Pressflow 6.
# Fixes in this release:
* Always fix permissions on contrib on upgrade and in daily.sh agent.
* Avoid files checks for Drupal for Facebook and Domain Access by default.
* Better auto-recovery when broken libcurl is detected.
* Fix for cron auto-correction.
* Fix for post-upgrade permissions issues affecting modules|themes|libraries.
* Fix for too restrictive permissions in /data/all/000/*
* Fix regression in the logic for dev URLs detection and auto-configuration.
* Fix the forced contrib upgrade logic.
* Fix the logic for cURL install from sources.
* Improve procs monitoring agent with better whitelisting.
* Improve sanitize_string() filtering to avoid issues with strong passwords.
* Issue #1860706 - Native, unified support also for D6 lock backend.
* Issue #2023895 - Do not kill java, only jetty and tomcat procs when needed.
* Issue #2105477 - Allowed gem commands need custom aliases in lshell.
* Issue #2134329 - Going from 2.0.9 to 2.1.1 does not update platforms.
* Issue #2135545 - Lock Backend freezes the site on cache clear.
* Issue #2136413 - Use -H to force correct HOME environment variable.
* Issue #2136413 - Use sudo to avoid lshell protection in DB auto-conversion.
* Make sure that /usr/local/bin is in the PATH.
* Make the check_if_required test in daily.sh six (6) times faster.
* Nginx: Fix too restrictive access policy for Aegir specific /hosting URI.
* Redis: Add some debugging on dev URLs to make sure permissions are correct.
* Redis: Added prefix support for lock backend.
* Redis: Disable persistent mode to never use on-disk storage, see #2135545
* Redis: Do not enable tcp-keepalive or weird things may happen, see #2135545
* Redis: Exclude some bins to avoid issues with lock support, see #2135545
* Redis: Missing default values on variable_get() calls causing D6 break.
* Redis: Update docs and naming convention for modern integration module.
* Silence cURL test in meta-installers.
* Sync randpass with sanitize_string().
* Set less restrictive permissions on civicrm.settings.php since
provision_civicrm does not make the file writable temporarily as it should.
# Known Issues on systems upgraded to initial BOA-2.1.2 release
==> Updated on Thu Nov 21 01:28:23 SGT 2013 with all fixes applied to stable.
* Feature Server platform is broken since BOA-2.1.0 due to incorrect context
module version downloaded via makefile. This bug affects only some instances
upgraded to head and not stable, but since in the first 24 hours after
BOA-2.1.2 release our static downloads were still out of sync on two of
our mirrors, it is safe to assume that you should run the HotFix via
boa-fix-upgrade.sh.txt anyway.
* There is regression introduced in the maintenance agent logic, which
results with dependency check effectively ignored. This may cause various
disastrous effects, like disabling all modules chained via feature or
via apps module, because apps module requires update module, which is
normally disabled. While any feature which requires dblog or update module
enabled is considered as a serious developer error and should be avoided,
we have to respect all dependencies defined to never break any site by
forcefully disabling modules.
* Part of the Site Health Check task (the `drush6 status-report` command)
breaks permissions on the site directory, which blocks any further tasks
like Clone, Migrate and Backup. This regression was introduced in the
BOA-2.1.0 release.
# HotFix for known post-upgrade issues
Run the boa-fix-upgrade script when logged in as system root:
$ cd;rm -f boa-fix-upgrade.sh.txt*
$ wget -q -U iCab http://files.aegir.cc/update/boa-fix-upgrade.sh.txt
$ bash boa-fix-upgrade.sh.txt
This script is updated once there is any new regression or bug discovered,
so it is safe and recommended to run it again if the list of known issues
have been updated. Note that this script will detect and fix all Octopus
instances on your system at once.
### Stable BOA-2.1.1 Release - Full Edition
### Date: Sat Nov 9 17:00:00 EST 2013
### Includes Aegir 2.x-boa-custom version.
# Release Notes:
There are some important bug fixes in this release, along with changes
to the Auto-(En|Dis)able agent, explained in greater detail in embedded docs
included in platform specific INI file template.
Note that the system agent doesn't modify any existing and active INI file,
so updated docs are included only in the updated each morning INI templates:
default.boa_platform_control.ini and default.boa_site_control.ini
You can find both INI templates also online at: https://omega8.cc/node/293
We have also added some docs to help you if you experience any issues
with cached, Views based pages and panels: https://omega8.cc/node/292
Note also that since BOA-2.1.0 all D6 based sites are forced to use PHP 5.3.27
on hosted and managed Aegir instances, even if they were previously configured
to use deprecated, insecure, unstable and outdated PHP 5.2 for D6 based sites.
This means that if you are using either too old D6 core (older than 6.28.x)
some features will stop working, namely imagecache, /update.php and any
feature which depends on contrib modules not yet compatible with PHP 5.3
We have allowed to use PHP 5.2 for too long, to give enough time (in years)
to upgrade to latest Pressflow 6.x version and we no longer can extend
this allowance, for obvious security and systems stability reasons.
Furthermore, sticking with PHP 5.2 would not allow us to use latest Aegir 2.x
version (BOA still includes a bit older Aegir 2.x for backward compatibility),
since newer Aegir versions need newer Drush (BOA still uses ancient Drush 4.6)
and newer Drush requires newer PHP version.
It is even more important because Drupal 8 will not run on older PHP nor Drush
older than 7.x, so there is basically no choice other than make all your sites
compatible with PHP 5.3, or you will miss all future BOA system upgrades.
Now even PHP 5.3 is officially in the EOL (End-of-Live) phase, with only
security fixes expected, but also only until July 2014 and then it will be
completely deprecated, so we will have to switch to modern PHP 5.5, first
introduced as an option, later this year.
Upgrading to latest Pressflow 6.x is *very* easy. Just add all contrib modules
you are using in your outdated 6.x platform to the latest Pressflow 6.x
platform we provide by default, reverify the new platform, clone the site
in the old platform, migrate the cloned copy to the new platform and if
everything works fine, migrate also your live site. It will take less than
15 minutes and there is absolutely no excuse to not upgrade.
If you experience issues with your site due to the old core used on now forced
PHP 5.3, we can temporarily revert it to PHP 5.2 for the last time, but it is
really a bad idea. Much better idea is to find those 15 minutes and upgrade
your site, so we could continue to provide future upgrades and new amazing
features also for your Aegir instance.
Enjoy new, shiny BOA Edition!
# Updated Octopus platforms:
### Drupal 7.23.3
Open Atrium 2.0.4 ------------ http://drupal.org/project/openatrium
Open Deals 1.31 -------------- http://drupal.org/project/opendeals
OpenBlog 1.0-a3 -------------- http://drupal.org/project/openblog
Recruiter 1.1.2 -------------- http://drupal.org/project/recruiter
Spark 1.0-a10 ---------------- http://drupal.org/project/spark
Totem 1.1.2 ------------------ http://drupal.org/project/totem
### Pressflow 6.28.3
Commons 2.13.2 --------------- http://drupal.org/project/commons
Open Atrium 1.7.2 ------------ http://drupal.org/project/openatrium
# New features and enhancements in this release:
* Document all system-level control files in docs/ctrl/system.ctrl
* Fast Redis lock implementation is now enabled by default for D6 and D7.
* Nginx: Add NAXSI (Nginx Anti XSS & SQL Injection) WAF as an option.
* Use 100% static downloads in stable to remove dependency on github and d.o
* Use extended connection check procedure before exit 1.
* Use reliable Redis UP check via PING/PONG instead of pid file check.
# Updated o_contrib modules:
* Contrib update: httprl-6.x-1.13
* Contrib update: httprl-7.x-1.13
* Contrib update: redis-7.x-2.3
* Contrib update: views_cache_bully-6.x-3.x
* Contrib update: views_cache_bully-7.x-3.x
* Contrib update: views_content_cache-7.x-3.0-alpha3
# Changes in this release:
* Introducing Pressflow 6.28.3 to include fix for #2130865
* Updated INI docs for views_cache_bully and views_content_cache.
* ProsePoint moved to unsupported.
* Private files mode in D7 requires allow_private_file_downloads = TRUE in
boa_site_control.ini or boa_platform_control.ini and is disabled by default.
* Do not enable views_cache_bully and views_content_cache, unless special
control files exist and related variables in the platform specific INI
are not set to TRUE.
* Auto-Disable views_cache_bully on sites with commerce module enabled, but
allow to override it with ~/static/control/enable_views_cache_bully.info
and views_cache_bully_dont_enable = FALSE
# Fixes in this release:
* All-in-One Site Health Check in Aegir not displayed for non-uid=1 users.
* Always prepare shared D6 and D7 cores.
* Always remove www. from the Redis cache key prefix.
* Better check for not yet updated Octopus instances in a batch upgrade mode.
* Check if ctools is enabled before attempting to enable views_content_cache.
* Do not force HEAD on Precise.
* Fix for /root/.upstart.cnf consistency.
* Fix for PATH in aegir.sh
* Fix still too aggressive procs monitoring.
* Fix the check_if_required() logic in the Auto-Disable agent.
* Improve all cURL based downloads with auto-continue mode.
* Issue #1980250 - Fix for broken cache_page bin in Redis integration module.
* Issue #2127237 - NewRelic: Unable to initialize module on Debian Wheezy.
* Issue #2128233 - Rsyslog is still installed and consumes all CPU on OpenVZ.
* Issue #2128819 - Better exceptions in too aggressive process monitoring.
* Make sure to never set any HTTP headers or redirects in the backend.
* Nginx: Do not use separate location for /images/ URI shortcut.
* Nginx: Fix for regression in "Rewrite for legacy requests with /index.php".
* Nginx: Fix the logic for restricted access to /authorize.php and /update.php
* Nginx: Map URI shortcuts early to avoid overrides in other locations.
* Remove rsyslog on VZ, if installed.
* Restore backward compatibility with IP and not wildcard based vhosts.
* Use silent upgrade mode in _LENNY_TO_SQUEEZE and _SQUEEZE_TO_WHEEZY.
* Issue #2127329 - AdvAgg (D6 version) presence in o_contrib should not
auto-disable standard aggregation, unless the module is enabled.
# Known Issues on systems upgraded to initial BOA-2.1.1 release
==> Updated on Tue Nov 12 14:44:16 EST 2013 with all fixes applied to stable.
* Fast Redis lock may cause problems on node edit, with temporary error
saying that the node was changed by "another user", because current
implementation was not multisite-aware enough.
* Views Cache Bully module, if enabled after upgrade to BOA-2.1.0, may break
the cart and checkout on sites using Ubercart, and should be disabled
automatically like it is done for Commerce based sites since BOA-2.1.1
* The version of Redis integration module included: 7.x-2.3 causes warnings
for D6 sites, visible either on dev URLs or on command line and may break
some advanced Views configurations if custom caching is not yet enabled.
It may also break menu updates due to not aggressive enough cache clear
policy for cache_menu bin.
* Permissions set daily on the civicrm.settings.php file are too restrictive
and since provision_civicrm extension does not make this file writable
before attempting to re-create it, as it should, all tasks on CiviCRM
enabled sites fail.
* Permissions on sites/all/{modules,theme,libraries} on newly added, empty
platforms with no sites created yet, so not included in the running daily
permissions fix, are initially not group writable, as they should be.
* The check_if_required procedure in the running daily maintenance agent to
detect if the module is required by any other module or feature or by
installation profile, is 6 (six) slower than it should be and never disables
devel module properly.
* The running daily maintenance agent does not disable files checks for
Drupal for Facebook (fb) and Domain Access modules as it should in the
platform level INI file, unless those modules are detected.
# HotFix for known post-upgrade issues
Run the boa-fix-upgrade script when logged in as system root:
$ cd;rm -f boa-fix-upgrade.sh.txt*
$ wget -q -U iCab http://files.aegir.cc/update/boa-fix-upgrade.sh.txt
$ bash boa-fix-upgrade.sh.txt
This script is updated once there is any new regression or bug discovered,
so it is safe and recommended to run it again if the list of known issues
have been updated.
You can also run another upgrade with "barracuda up-stable system" command,
followed by "octopus up-stable all both log" since all fixes have been applied
to current stable as well, but boa-fix-upgrade script is faster than running
complete upgrade again.
### Stable BOA-2.1.0 Release - Full Edition - Now NSA-proof
### Date: Sat Nov 2 18:15:19 EDT 2013
### Includes Aegir 2.x-boa-custom version.
# Release Notes:
There are some really important changes and improvements in this release
you should be aware of before running your BOA system upgrade.
Even if you are on a hosted BOA system with upgrades managed for you,
it is very important to read at least this release notes.
And if you are more curious, read also the giant changelog further below.
Besides all changes, fixes and improvements, all currently supported
Drupal distributions have been upgraded to use latest Drupal core versions.
Plus, there are seven (7) NEW platforms included!
#-### Control files to customize your BOA system per platform and per site
Almost all control files are now replaced with two centralized,
platform and site specific INI files, using standard PHP INI format.
The platform specific INI file template with extensive documentation
included, has filename default.boa_platform_control.ini and is located
in the sites/all/modules directory.
The site specific INI file template with extensive documentation
included, has filename default.boa_site_control.ini and is located
in the sites/foo.com/modules directory.
Any existing control files, both on the platform and site level
will be automatically converted into active INI files and then deleted
to avoid confusion, also automatically, on the first run of the special
maintenance script: /var/xdrago/daily.sh but defaults in the global.inc
file will allow for smooth, fully automated transition.
This change will improve customizing your BOA system maintainability
and overall system performance/load thanks to minimized files checks.
#-### Empty and not used platforms auto-cleanup
BOA has finally the ability to auto-delete, during daily maintenance,
which happens each morning (server time zone), all empty and not used
platforms. While on all hosted instances the TTL (time-to-live) is set
to 60 days (counted since last verify task date/time on the platform),
it can be configured per instance in the /root/.USER.octopus.cnf file
by changing value of _DEL_OLD_EMPTY_PLATFORMS variable to anything
higher than 0 (days), which is default (and means the feature is OFF).
Note that every Octopus instance upgrade re-verifies all existing platforms,
so if you will configure the TTL to 90 days but you will run the upgrade
every month or every two months, no platforms will ever be deleted.
If you wish to have this TTL customized on the hosted instance, where
it is set to 60 (days) by default, please open a support ticket via:
https://omega8.cc/support
Remotely managed BOA systems can have this feature enabled and configured
upon request submitted via https://omega8.cc/support
#-### All-in-One Site Health Check in your Aegir control panel
You will notice a new Task available on every site page in your Aegir
Control Panel, named "Run health check". This new task will run a few
important tests on your site and will store all results in the Task Log,
so you easily review all results by clicking on the "View" button to the
right of the task, when it is complete. Make sure to check all details
by clicking on the "Expand" links in the log.
What are the tests included?
1. The "drush clean-modules" command will be run for you to make sure
there is no module left in the system table as "enabled" while it
no longer even exists on the system. This part will utilize (behind
the scenes) extension: https://drupal.org/project/clean_missing_modules
If it will find any such leftover, it will clean it up, automatically.
2. The "drush6 pm-updatestatus" command is a native Drush command which
tells you if there are any waiting module/code updates in the site.
Note: it will *not* upgrade anything, it is a check only.
Of course there should be no updates waiting if you follow Aegir
site upgrade best practices and your site's code is up to date.
Yes, this check will automatically enable the "update" module for you,
but it will not auto-disable it afterwards (to not break things in case
it is required by some other module or feature).
3. The "drush6 status-report" command is a native Drush command
which provides you a complete overview of your site status.
Instead of logging into the site, you can review it easily here.
4. The "drush6 updatedb-status" command is a native Drush command
which tells you if there are any waiting database updates in the site.
Note: it will *not* apply these updates, it is a check only.
Of course there should be no updates waiting if you follow Aegir
site upgrade best practices, but who knows, hence the check.
5. The "drush security-review" command will run only on Drupal 7 based sites
and provides some additional information by using (behind the scenes)
this extension: https://drupal.org/project/security_review
#-### PFS (Perfect Forward Secrecy) support in Nginx
BOA now fully supports the most secure, yet still compatible with most
used systems and browsers SSL configuration.
All hosted BOA instances have been already upgraded automatically and
you don't need to do anything to make it work -- it is already done
for you -- both on any SSL enabled site with dedicated certificate
and IP address and also on the standard, system-wide SSL proxy level,
which is available for every hosted site -- just type HTTPS:// in the URL.
On self-hosted instances it needs to be enabled by adding a line in your
/root/.barracuda.cnf file: _NGINX_FORWARD_SECRECY=YES before the upgrade.
Note that depending on the system used, it may auto-install some
requirements like latest OpenSSL libraries and packages.
Remotely managed BOA systems can have this feature enabled upon request
submitted via https://omega8.cc/support
#-### SPDY (new networking protocol) support in Nginx
BOA now fully supports the advanced, new protocol which allows to run
sites over HTTPS with much better performance than plain HTTP.
While not all browsers support this protocol yet, it is already enabled
by default on all hosted BOA instances (but obviously works only when you
access the site via HTTPS:// in the URL).
On self-hosted instances it needs to be enabled by adding a line in your
/root/.barracuda.cnf file: _NGINX_SPDY=YES before the upgrade.
Note that depending on the system used, it may auto-install some
requirements like latest OpenSSL libraries and packages.
Remotely managed BOA systems can have this feature enabled upon request
submitted via https://omega8.cc/support
#-### Zend OPcache replaced APC in PHP
Newer versions of PHP already come with next generation opcode cache
from Zend, which is now open-sourced and available also as an extension
for older PHP versions, including 5.2 and 5.3
BOA leverages this opportunity and now uses Zend OPcache instead of APC.
This change is introduced automatically on all systems, both hosted
and managed for you and also self-hosted.
Only Debian Squeeze and Ubuntu Precise systems which are using PHP
installed from packages and not from sources, so with _BUILD_FROM_SRC=NO
set in the /root/.barracuda.cnf file, still use APC by default.
You can install Zend OPcache by changing it to _BUILD_FROM_SRC=YES
before running the upgrade.
Note that Zend OPcache default configuration caches every script for
60 seconds, so any changes you will introduce, will be visible with
up to 1 minute delay. However, if there is .dev. or .devel. in the site
name, this delay is lowered automatically to just 1 second.
You can change the default per site permanently by adding in the
local.settings.php preferred value, for example, to set it to 10 seconds:
ini_set('opcache.revalidate_freq', '10'); -- but remember that you will
override default (1 second) for dev URLs using this method.
Enjoy the most advanced, NSA-proof BOA Edition yet!
# New Octopus platforms:
### Drupal 7.23.3
Open Academy 1.0-rc3 --------- http://drupal.org/project/openacademy
Open Atrium 2.0 -------------- http://drupal.org/project/openatrium
OpenBlog 1.0-a2 -------------- http://drupal.org/project/openblog
OpenScholar 3.8.1 ------------ http://openscholar.harvard.edu
Recruiter 1.1 ---------------- http://drupal.org/project/recruiter
Spark 1.0-a9 ----------------- http://drupal.org/project/spark
Totem 1.1 -------------------- http://drupal.org/project/totem
# Updated Octopus platforms:
### Drupal 7.23.3
Commerce 1.20 ---------------- http://drupal.org/project/commerce_kickstart
Commerce 2.9 ----------------- http://drupal.org/project/commerce_kickstart
Commons 3.4 ------------------ http://drupal.org/project/commons
Conference 1.0-a2 ------------ http://drupal.org/project/cod
Drupal 7.23.3 ---------------- http://drupal.org/drupal-7.23
Open Deals 1.27 -------------- http://drupal.org/project/opendeals
Open Outreach 1.2 ------------ http://drupal.org/project/openoutreach
OpenChurch 1.11-b14 ---------- http://drupal.org/project/openchurch
Panopoly 1.0-rc5 ------------- http://drupal.org/project/panopoly
Ubercart 3.5.1 --------------- http://drupal.org/project/ubercart
### Pressflow 6.28.2
Commons 2.13 ----------------- http://drupal.org/project/commons
Feature Server 1.2 ----------- http://bit.ly/fserver
Managing News 1.2.3 ---------- http://drupal.org/project/managingnews
Open Atrium 1.7.1 ------------ http://drupal.org/project/openatrium
Pressflow 6.28.2 ------------- http://pressflow.org
ProsePoint 0.46 -------------- http://prosepoint.org
Ubercart 2.12.1 -------------- http://drupal.org/project/ubercart
# New features and enhancements in this release:
* Add a workaround for an edge case problem -- a missing /etc/resolv.conf
* Add auto-config for AdvAgg on both Drupal 7 and Drupal 6.
* Add command to check for available updates: `drushextra check updates`
* Add gems for Omega 4 by default.
* Add sass-globbing gem by default.
* Allow to install latest OpenSSH from sources with _SSH_FROM_SOURCES
* Allow to install latest OpenSSL from sources with _SSL_FROM_SOURCES
* Anonymize lshell intro message.
* Better code sharing with central core dirs for all built-in platforms.
* BOA installer wrapper depends on curl instead of wget.
* Do not stop/start cron if /root/.upstart.cnf control file exists.
* Drush: Add embedded how-to for aliased commands.
* Enable views_cache_bully and views_content_cache if views is enabled.
* Firewall: Disable incoming ping/ICMP.
* Firewall: Protect port 80 only with CONNLIMIT and remove it from PORTFLOOD.
* Firewall: Update config template and enable port/syn flood protection
* FTP: Allow to list/see up to 3000 files/subdirs in a directory.
* Improve daily.sh performance.
* Improve dist-upgrade procedure.
* Improve docs/MODULES.txt
* Improve meta-installers auto-update procedures.
* Improve SQL limits auto-configuration.
* Install pdnsd as a last service.
* Issue #2000932 - Add also zen-grids.
* Issue #2015553 - Fix the logic for protected registration of new accounts.
* Issue #2044589 - SPDY Nginx support.
* Issue #2052703 - Conversion from control files to ini includes.
* Issue #2092599 - Switch to disable MySQL password reset on upgrades.
* Issue #2105477 - Add support for bundler gem.
* Issue #2116387 - Nginx and PHP: Improve system hardening.
* Issue #2116395 - Nginx: Better protection and 404 instead of 403.
* Issue #2118393 - Mark drush/cron as newrelic_background_job
* Make Bazaar installation optional with BZR keyword required in _XTRAS_LIST
* Nginx: Use forced HTTPS-only access for Chive and SQL Buddy.
* PHP: Add experimental support for 5.4 and 5.5
* PHP: Install Zend OPcache instead of deprecated APC by default.
* PHP: Reload FPM hourly unless /root/.high_traffic.cnf exists.
* Restart db server when backup is complete if /root/.my.optimize.cnf exists.
* Restore support for Expire and Purge modules.
* Shell: Add gunzip to allowed commands.
* Shell: Disable mc on the fly unless /root/.allow.mc.cnf control file exists.
* Shell: Use MySecureShell 1.31 for SFTP by default.
* Try to download wrapper 4 times before it gives up.
* Use MySQLTuner to better tune SQL configuration on install and upgrade.
* Use sqlmagic to fix errors caused by duplicate keys in the db dump.
* Use standard D7 profile for Ubercart 3 and update related contrib.
* We no longer depend on drupal.org for any downloads.
* Add optional, configurable per site, automated and smart (via sqlmagic tool)
DB table format/engine conversion, enabled per instance with non-default
_SQL_CONVERT=YES option.
* Add support for _MODULES_SKIP variable and make the auto-disable agent
much smarter to never disable any module defined as required by any other
module or feature.
* Improve auto-recovery from manual permissions/ownership big mistakes
related to critical files and dirs.
* Issue #2067193 - PFS (Perfect Forward Secrecy) support in Nginx with
_NGINX_FORWARD_SECRECY=YES config option.
* Use _DEL_OLD_EMPTY_PLATFORMS to enable and define auto-cleanup for old,
empty platforms with no sites hosted, separately per Satellite instance
(it does not affect Master instance).
* Issue #2000932 - Add more Compass tools/extensions: (compass_radix,
zurb-foundation) and make sure the gems are updated on upgrade.
* Nginx: Add support for domain specific /robots.txt mapped to static
files/$host.robots.txt to make it possible to manage it per domain
also when Domain Access module is used.
* Improve the logic for daily permissions fix (no longer enabled by default)
and make it configurable via _PERMISSIONS_FIX variable.
* Improve the logic for daily modules fix (still enabled by default)
and make it configurable via _MODULES_FIX variable.
* Generate static sites/foo.com/files/robots.txt file per site, which is
mapped to /robots.txt
# New and updated Aegir modules or extensions:
* Add security_review extension
* Use registry_rebuild 7.x-2.x
# New o_contrib modules:
* Add Advagg 6 and 7 to all platforms.
* Add force_password_change to all platforms.
* Add views_cache_bully to all platforms.
# Changes in this release:
* All D6 based sites are forced to use latest PHP 5.3.27 version.
* Chive 1.3
* cURL 7.33.0 as an option.
* Drush 5.10.0 and 6.1.0 (available as drush5 and drush6)
* Git 1.8.4.1
* Lshell 0.9.16.4-om8
* MariaDB 5.5.33a
* Nginx 1.5.6
* Nginx: ngx_cache_purge-2.1
* OpenSSH 6.3p1 as an option.
* Percona 5.5.33
* PHP 5.4.21 and 5.5.5 as an option.
* Redis 2.6.16
* Vnstat 1.11
* Deprecate CiviCRM as a separate platform.
* Remove obsolete MartPlug distro.
* Move OpenPublish to unsupported.
* Move NodeStream to unsupported.
* Do not include D6 core translations, never included also in D7 platforms.
* Do not include notoriously buggy backup_migrate module.
# Fixes in this release:
* Add all extra, non-standard options in the barracuda.cnf docs template.
* Add built-in support for Domain Access also for sites/all/modules/contrib
* Add exception to support commerce_multicurrency module properly.
* Add info about self-signed SSL certificate in the welcome e-mail (again).
* Add support for /usr/etc/sshd_config if exists.
* Always force update_newrelic - even if there is no new PHP version.
* Better check for GitHub partial downtime.
* Better logic for clean resolvconf re-install when needed.
* Contrib: Make the list readable.
* Delete too old pid files if any exists.
* Do not allow to break working DNS cache server with parent system overrides.
* Do not allow to install OpenSSL and cURL from sources also on Precise.
* Do not install rsyslog on VZ based VM.
* Do not set session.cookie_secure on SSL requests for sites < D7
* Enable dev mode also when HTTP_HOST begins with dev.
* Firewall: Adjust some defaults to improve flood protection,
* Firewall: Always upgrade, unless _CUSTOM_CONFIG_CSF is set to YES.
* Firewall: Better support for auto-whitelisting multi-IP systems.
* Firewall: Fix csf.uidignore file to whitelist important system uids.
* Firewall: Fix for csf template on VZ.
* Firewall: Improve some flood protection defaults.
* Firewall: Improve whitelisted IPs msg.
* Firewall: Remove deprecated monitoring for now closed port 25 (incoming).
* Firewall: Update config template.
* Firewall: VZ compatibility.
* Fix for /etc/resolv.conf and curl requirement in the BOA Meta Installer.
* Fix for cron tasks queue.
* Fix for forced pdnsd and resolvconf upgrades.
* Fix for incorrect nproc discovery results on some VM systems.
* Fix for proper handling mysql connections leftovers.
* Fix for selected packages hold status.
* Fix for the auto-update logic -- now it is default.
* Fix permissions for control files to avoid leftovers on delete task.
* Fix permissions on default backup_migrate dirs.
* Fix the auto-healing to avoid killing all php-fpm processes at midnight.
* Fix the automatic generation of static robots.txt file per site.
* Fix the daily enable/disable logic and use faster drush version.
* Fix the logic for chained installs from sources on upgrade.
* Fix the makefiles to avoid issues after d.o upgrade.
* Fix the not really working auto-healing to properly restart mysqld.
* Fix the not really working lshell logs monitor.
* Force clean pdnsd and resolvconf reinstall when needed.
* Force contrib update to include redis module stable release.
* Force cURL and OpenSSH re-install from sources when OpenSSL is from src.
* Force Git rebuild from sources if SSL/cURL was built from sources.
* Force Lshell rebuild when OpenSSL is installed from sources.
* Force MSS and FTP rebuild when OpenSSL is installed from sources.
* Force Nginx, PHP and Pure-FTPd re-install when OpenSSL is from sources.
* Force PHP-FPM restart if 9+ connections with 499 in the last 60 seconds.
* Generate 2048 bit long DH parameters when _NGINX_FORWARD_SECRECY=YES
* IDS monitor should use lower defaults after introducing last min checks.
* Improve gem and bundler allowed/denied restrictions.
* Improve procs monitoring and whitelist backend tasks properly.
* Improvements for Ubercart 2 installation + contrib updates.
* Install latest CGP, collectd 5 compatible.
* Issue #1751916 - Add Spark 1.0-a9
* Issue #1874786 - Fix for GNU Mailutils support.
* Issue #1991312 - Fix support and auto-config for AdvAgg 7 and HTTPRL.
* Issue #1991658 - Firewall: Close port 25 for incoming connections
* Issue #1994346 - DoS protection for not cached URLs doesn't respect $scheme
* Issue #1994346 - Fix the logic for SSESS/SESS prefix in the cookie name.
* Issue #1995342 - X-Accel-Expires is never send when $expire_in_seconds == 0
* Issue #2002678 - barracuda up-stable system adds annoying extra delay.
* Issue #2005116 - 403 on every attempt to log in from Hostmaster homepage.
* Issue #2015551 - Fix for broken dev mode support switch.
* Issue #2015551 - Fix the keyword check used to trigger "dev" mode.
* Issue #2020043 - Send PUT requests for *.json URI to Drupal.
* Issue #2032379 - _AUTOPILOT=YES should be forced also for "silent" modes.
* Issue #2083373 - drush dl foo --destination=/path/ should be restricted.
* Issue #2101193 - Support Drupal for Facebook from sites/all/modules/contrib
* Issue #2105259 - All Platforms Installation Fails with Permission Denied.
* Issue #2116177 - Use phpredis 2.2.4
* Lshell: Better settings for newer Drush versions.
* Lshell: Fix for env_path
* Lshell: version update and monitoring improvements.
* Make sure o_contrib is updated also on head-to-head upgrades.
* Make sure to rebuild PHP if cURL is installed from sources.
* Make the upgrade e-mail generic.
* More compact code for downloads.
* Move csf/lfd corrections after pdnsd install.
* Move the giant modules list from README.txt to docs/MODULES.txt
* Nginx: Add access protection for .txt files in the modules|themes|libraries.
* Nginx: Add access protection with fast 404 also for authorize.php
* Nginx: Add access protection with fast 404 for extra .php known URLs.
* Nginx: Add example site specific config for legacy .php URIs 301 redirects.
* Nginx: Better support for static and dynamic .json requests/URIs
* Nginx: Deny spiders on glossary/* URI, as they are never allowed to crawl.
* Nginx: Fix for dynamically generated PDFs.
* Nginx: Fix for redirects for legacy URLs with asp/aspx extension.
* Nginx: Improve auto-whitelisting in the access log monitor.
* Nginx: Improve POST requests monitoring.
* Nginx: Move AJAX and webform requests location after civicrm location.
* Nginx: Normalize newlines and spacing when fixing proxy config files.
* Nginx: Remove 'results' from the bots-protected URI regex.
* Nginx: Remove deprecated conf.d directory, if exists.
* Nginx: Replace legacy keyword gulag with neutral limreq everywhere.
* Nginx: Replace the zone legacy name also in Provision.
* Nginx: Rewrite legacy requests with /index.php to extension-free URL.
* Nginx: The /admin* URI protection logic has been moved to global.inc
* Nginx: Update gzip_types to list all expected mime.types
* Nginx: Update headers for AdvAgg compatibility.
* Nginx: Update mime.types
* Nginx: Use more precise wildcard in paths for replacements.
* PHP: 5.4 requires uploadprogress-1.0.3.1
* PHP: Disable ionCube Loader for PHP 5.5
* PHP: Do not force extensions re-install unless _PHP_FORCE_REINSTALL=YES
* PHP: Fix config overrides for 5.4 and 5.5
* PHP: Fix possible issues with legacy 5.2 support logic.
* PHP: Fix unintended overrides in the ini files.
* PHP: Force All Extensions Rebuild when _FROM_SOURCES=NO
* PHP: Force APC instead of Zend OPcache on Squeeze/Precise on no-src install.
* PHP: Force legacy version rebuild if exists.
* PHP: Improve rebuild logic if SSL/cURL was built from sources.
* PHP: Make sure that latest version of ionCube loader is installed.
* PHP: Rebuild extensions also for 5.2, even if _PHP_MODERN_ONLY=YES
* PHP: Set opcache.revalidate_freq to 1 second on dev alias/URL on the fly.
* PHP: Start more FPM workers by default to avoid Nginx 499 and timeouts.
* PHP: Use correct version of ioncube_loader for 5.4
* PHP: Use pecl-jsmin-0.1.1 with newer PHP versions.
* PHP: Zend OPcache is a zend_extension and needs full path in the php.ini
* Redis: Make redis_client_password optional and none by default.
* Reload PHP-FPM before auto-healing will force its restart after midnight.
* Remove already deprecated platforms.
* Remove insecure files from libraries/plupload/examples.
* Remove lock files before adding new users.
* Security updates for selected contrib on all affected D7 platforms.
* Shell: Fix FTPS compatibility after switching to MySecureShell
* Shell: Sync IdleTimeOut for MSS with SSH and FTPS default 15m.
* Shorten some too long status messages.
* Silent Mode Option: aegir == Only stock Aegir forced up-head upgrade.
* Simplify vnstat setup.
* Split usage monitor into two separate scripts.
* SQL auto-healing should always stop-stop-start and not just restart it.
* SQL: Allow the engine to manage correct innodb_thread_concurrency value.
* SSH: Make sure that 'UseDNS no' is always set.
* Sync $cookie_domain validation with Drupal 7 core.
* Sync dates with BOA defaults.
* Unify apt-get options order.
* Update for Redis config template.
* Update or create /etc/apt/sources.list early enough.
* Update PHP and SQL config early enough to avoid issues during upgrade.
* Use --force-yes option if apt-get -y is used.
* Use correct version of /etc/apt/preferences
* Use drush6 only when required.
* Use extended GitHub tests on HEAD and non-stock build only.
* Use forced symlinks mode if possible.
* Use is_readable() check instead of file_exists() for all includes.
* Use mirror downloads for all contrib and patches to make it faster.
* Use more restrictive permissions on lshell log files.
### Stable BOA-2.0.9 Release - Barracuda Edition
### Date: Thu May 9 11:25:59 EDT 2013
### Includes Aegir from BOA-2.0.8 Edition
# This is the first Barracuda-only Edition, released to address important
security issue with Nginx server and provide system level upgrades.
This Edition will not upgrade Aegir Master nor Aegir Satellite Instances,
because there was no new Drupal core released since BOA-2.0.8 Edition and
there were not enough updates to built-in platforms or contrib accumulated.
Releasing Barracuda-only Edition separately from full Edition allows us
to address system/services security issues without any extra delay,
while releasing Octopus-only Edition will allow us to provide Drupal core
or Aegir version upgrades, without affecting system level services.
There is also another reason why separate releases will be useful.
BOA-2.0.9 is the last Edition where Aegir 2.x still uses old Drush 4.6
in the backend. We need to sync BOA specific Aegir 2.x with upstream
and finally switch to Drush 5, or even Drush 6, if possible.
This change, however, may cause issues if you still host legacy Drupal 5
or some old Drupal 6 sites, with either core or contrib not compatible
with PHP 5.3, which is now used by default.
That is why we plan to introduce ability to install older/previous
Barracuda and/or Octopus release, if you need more time to upgrade.
# New features and enhancements in this release:
* Debian 7.0 Wheezy support.
* Automated upgrade from Squeeze with _SQUEEZE_TO_WHEEZY=YES option.
* Added config template with inline how-to in docs/cnf/barracuda.cnf
* Added config template with inline how-to in docs/cnf/octopus.cnf
* Added passwords encryption how-to in docs/BLOWFISH.txt
* Added the list of symbols used on install in docs/PLATFORMS.txt
* Forced mysql restart if there are too many high CPU mysqld processes.
* Improved docs/NOTES.txt
* Improved docs/README.txt
* Install libpam-unix2 and libxcrypt1 by default.
* Install s3cmd by default.
* Issue #1974640 - Allow to use Midnight Commander for limited shell users.
* Limited Shell Logs Monitor enabled by default.
* Nginx: Check for Linux/Cdorked.A malware and delete if discovered.
* Re-generate and sync Aegir passwords before and after instance upgrade.
* The silent 'system' mode documented in docs/UPGRADE.txt
* Allow to exclude platform from otherwise forced `drush en entitycache -y`
if sites/all/modules/entitycache_dont_enable.info control file is present.
# Changes in this release:
* Nginx 1.5.0 - security upgrade for CVE-2013-2028
* PHP 5.3.25
* Redis 2.6.13
* Do not disable update module in platforms known to include it as required.
* Firewall: Open port 1129 for outgoing connections (some gateways need it).
* Force syslog module as disabled by default and save some disk I/O.
* Tune kernel to always use max RAM and not swap, if possible.
# Fixes in this release:
* Add outgoing port 25 SMTP to the list of requirements.
* Firewall: Add truly permanent block for heavy abusers.
* Fix for mytop support, available again on systems with MariaDB.
* Fix permissions in the /data/all tree if required.
* Fix the order of checks - they scan only the last (current) minute.
* Force _STRONG_PASSWORDS=NO if locales still look broken on second check.
* Improve detecting no longer running drush.php and/or cron PHP processes.
* Improve fix_locales logic.